LDAP backend support for direct bind

[Erich Hochmuth <eh...@climate.com>]

Would there be interest in updating the LDAP backend to support two new
features:

   - direct bind searching using the credentials from those of the
   user authenticating with the WebUI
   - a distinguished name template to allow the user supplied user login to
   be augmented

My IT group doesn’t allow an anonymous search nor do they support creating
an application account to bind to LDAP.

Looking at the LDAP backend the only issue that would need to be worked out
would be when to cache the superuser and data_profiler settings since those
could’t always happen at the time that the LdapUser is instantiated.
https://github.com/apache/incubator-airflow/blob/master/airflow/contrib/auth/backends/ldap_auth.py

I’d be happy to create a Jira and make these changes if folks thought they
fit in.

Thanks,
Erich

Re: LDAP backend support for direct bind

[Jayesh Senjaliya <jh...@gmail.com>]

+1, useful feature for enterprises.

On Fri, Jan 6, 2017 at 9:01 PM, Erich Hochmuth <eh...@climate.com>
wrote:

> Would there be interest in updating the LDAP backend to support two new
> features:
>
>    - direct bind searching using the credentials from those of the
>    user authenticating with the WebUI
>    - a distinguished name template to allow the user supplied user login to
>    be augmented
>
> My IT group doesn’t allow an anonymous search nor do they support creating
> an application account to bind to LDAP.
>
> Looking at the LDAP backend the only issue that would need to be worked out
> would be when to cache the superuser and data_profiler settings since those
> could’t always happen at the time that the LdapUser is instantiated.
> https://github.com/apache/incubator-airflow/blob/master/
> airflow/contrib/auth/backends/ldap_auth.py
>
> I’d be happy to create a Jira and make these changes if folks thought they
> fit in.
>
> Thanks,
> Erich
>